CVE-2007-1455

Name of the Vulnerable Software and Affected Versions cPanel versions 10.x

Description The issue concerns absolute path traversal vulnerabilities in Fantastico, used with cPanel. Remote authenticated users can exploit this to include and execute arbitrary local files. This can be achieved via the userlanguage parameter to "includes/load language.php" or the fantasticopath parameter to "includes/mysqlconfig.php" and certain other files.

Recommendations For cPanel version 10.x, consider restricting access to the includes/load language.php and includes/mysqlconfig.php files until a patch is available. As a temporary workaround, avoid using the userlanguage and fantasticopath parameters in the affected API endpoints.